U.S. Bars Lab From Testing E-Voting Machines

joshdick writes to point out a NYTimes story on the decertification of Ciber Inc. from testing electronic voting systems. It will come as a surprise to no-one here on Slashdot that experts say the deficiencies of the laboratory suggest that crucial features like the vote-counting software and security against hacking may not have been thoroughly tested on many machines now in use. From the article: "A laboratory that has tested most of the nation's electronic voting systems has been temporarily barred from approving new machines after federal officials found that it was not following its quality-control procedures and could not document that it was conducting all the required tests... The federal Election Assistance Commission made this decision last summer, but the problem was not disclosed then... Ciber... says it is fixing its problems and expects to gain certification soon."

The real question

[morgan_greywolf]

The real question is whether or not Ciber were following their procedures, but why they were not. There should be a full-scale investigation into things like, oh, maybe how much money has passed between Diebold and Ciber, and how much stock ownership Diebold has in Ciber and vice-versa. If you want to know why things happen the way the do, one merely needs to follow the money.

so its a problem of documentation

[bhalter80]

Basically they've been bared from approving new machines until they add a step to their test cycle called "fabricate documents". Unless officials are overseeing (actively watching) the testing process there is no way to determine which tests were run and passed and which tests simply were documented as passing.

Re:WTF?

[Dorkmaster+Flek]

WTF is going on is that when you push A1, you physically get a Hershey chocolate bar. With electronic voting machines, you get nada. Zilch. Nothing. Diddly squat. Oh, except for a little screen that says you voted for Candidate A, but how do you know? You didn't mark off a piece of paper that can be verified by hand. Your vote is now a series of bits somewhere in the magical land of cyberspace. Electronic voting only works with a verifiable trail, and that basically defeats the purpose of the electoral system because your vote can now be checked and hence influenced. Give me our good old fashioned paper voting up here in Canada any day.

And the net real-world effect will be...?

[maidopolis]

I wonder whether this decertification will cause anyone to wonder about the advisedness of using these very same voting machines in elections?

After all, we would not want to use untested electronic equipment in other crucial areas of life, like medical equipment. Why allow them to run/determine elections?

Bigger problem -- waterfall process

[GGardner]

Even bigger than the immediate problems is the assumption that the waterfall method works for testing the correctness and security of software systems. Let's say that this testing organization finds a serious security problem with the already "finished" system, one that can't be quickly and easily fixed? What then? There will be huge pressure to force a quick fix in place. Instead, the security audit should happen in parallel with design and development, so security problems can be found and fixed closer to their commission.

Re:Bigger problem -- waterfall process

[aadvancedGIR]

No, what you are saying can work for internal validation, but here, we are talking about official certification.
1- it has a meaning only if it is performed on the exact system that will be delivered.
2- it absolutelly needs to be performed by an independant structure (they don't work for the audited manufacturer and have no financial interest in either aproving or rejecting the audited item).

Of course, it brings a less efficient process, but if those rules are not respected, the real reaction to the discovery of a bug may be "write that the test is OK or you're fired".

But why?

[PopeRatzo]

It's never been explained, to my satisfaction, why the use of paper ballots (or at least paper TRAILS), had to be replaced with the computer-voting machines.

And not just replaced, but REPLACED RIGHT NOW with very little public input and negligible testing. Whenever I see such a huge rush to change something that's worked remarkably well for generations I get suspicious. When I see such a huge rush to change something that's worked for generations without any meaningful dialogue about whether it really should be done, I get even more suspicious.

When I see that same huge rush to change something upon which our Democracy depends, and that's been open to public scrutiny and has worked well for generations and replace it with some closed-source stuff that's not been sufficiently tested and the CEO of the company who provides said closed-source, easily hacked systems is also a major contributor to one of the political parties and who GUARANTEES DELIVERING A VICTORY TO THAT PARTY, I simply assume that the whole thing is pretty goddam crooked.

Re:But why?

[natoochtoniket]

It's never been explained, to my satisfaction, why the use of paper ballots (or at least paper TRAILS), had to be replaced with the computer-voting machines.

It's really very simple. Paper records (such as ballots) are the evidence that can be used to verify the results of an election, or to prove when election rigging has occurred. If you want to rig elections without getting caught, it is essential that there be no evidence. Hence, the paper had to be eliminated from the process.

The only people who oppose paper ballots are the ones who want to rig elections.

Re:But why?

[Entrope]

I guess you don't remember 2000's election.. a large part of the push for electronic voting machines (and the Help America Vote Act, aka HAVA) was claims that older systems were inaccessible or misleading. Southern Florida's butterfly ballots, locales without Braille versions of the ballot, and others were seen as disenfranchising or miscounting votes. Those -- on both sides of the aisle -- who pushed for the change clearly did not think it through when setting deadlines.

Re:But why?

[forkazoo]

It's never been explained, to my satisfaction, why the use of paper ballots (or at least paper TRAILS), had to be replaced with the computer-voting machines.

And not just replaced, but REPLACED RIGHT NOW with very little public input and negligible testing. Whenever I see such a huge rush to change something that's worked remarkably well for generations I get suspicious. When I see such a huge rush to change something that's worked for generations without any meaningful dialogue about whether it really should be done, I get even more suspicious.

In 2000, we realised that things were fucked up. Seriously, they really were. They had been for a long time, and we finally realised it. Florida shouldn't have gone down the way that it did.

So, after that mess happened, rather than a careful introspective discussion about the best way to ensure that democracy was served, some slick saleslobbyists showed up and the conversation went something like this:

"We have to do something!"
"This is something."
"We have to do this!"

Because the congresscritters knew that if they didn't look busy and make some noise at a press conference about how they passed legislation to save America and Freedom and that Democracy thingie, then they might get fired. They knew that the voters wouldn't read the bills. They knew the voters wouldn't deeply contemplate the bills. They also knew that if all hell did break lose, they would have another chance to have a press conference, pass another bill, and make some noise about how they saved that Democracy thingie that everybody talks about.

Re:But why?

[bigpat]

"Oh yeah because paper ballots were used so well to confirm the Florida elections in 2000 and sparking a constitutional crisis."

I consider paper ballots as where the person actually makes a mark with ink on a piece of paper, not some weird misconceived contraption where you punch holes in the paper with a poker. By that way of thinking even if the computer makes the actual mark you would still be calling it a paper ballot. Pen and paper, is it that inefficient that we are scrambling to get away from it?

Is it so hard to conceive of an imperfect world where people don't want to play by the rules, that election fraud is relegated to just another unfounded conspiracy theory in you mind?

I do think the motivations of some are very suspicious, but I think the motivations are probably more based on the desire to make money on voting equipment. That voting machines make election fraud easier and nearly undetectable maybe just a side benefit.

Oh and were those hanging chads really worse than a virtual electronic ballot? At least the malfunction in the system was detectable. In a computer, errors in programming or hardware, either intentional or not, would be somewhat abstracted from the final result. Personally, I would prefer that both I and the elected person know that there is some doubt as to the intentions of the electorate versus allowing a elected official to hold office without knowing that his or her election was the result of some funny business.

But yes, some people would rather live in a society without integrity where the conflicts and corruption is ignored for as long as possible. Short term peace at the expense of longer term integrity.

Re:But why?

[ajs318]

Only in the USA could a corporation's secrets be valued more highly than the Democratic Process.

Any voting system requires Universal Comprehensibility in order to be trustworthy. After all, how can you trust something that you cannot even understand? The use of Open Source Software is not enough: it restricts the set of people who can understand the system to competent programmers.

Elections should not depend upon any technology that is beyond the understanding of a school leaver with passing grades. Pencil, paper, slotted boxes, wire seals and hand-counting have been used successfully since democracy was first invented. Everybody can understand how they work -- and, just as crucially, all the potential failure modes.

What's more, using complex machinery doesn't change the failure modes, nor the need for vigilance. If the voting machines use a paper journal roll, someone still has to inspect each and every machine to make sure that the take-up spool is empty at the beginning of the election, and certify same by fitting a tamper-evident seal which prevents the machine from accepting votes. How is that any better than someone checking that each and every ballot box is empty, and sealing the slot with a tamper-evident seal?

Re:But why?

[bigpat]

Is it so hard to realize that the paper ballots/trails are just as susceptible to election fraud as electronic ballots such that electronic voting is just another unfounded conspiracy theory in your mind?

Yes, it is. Election fraud is much harder to pull off when it involves someone actually putting pen to paper. Logistics are important to election fraud because it has to involve as few people as possible and be very uncomplicated to assure success. Pressing a few buttons on a computer and having a voting history destroyed or writing a program that simulates vote casting is much easier and importantly could involve fewer people than physically creating individual frauds of paper ballots.

Oh well then, let me update my rant:

"This circle is half colored in. Obviously the voter intended to vote for my candidate."
"No, it's not completely filled in. Therefore this ballot is in error and doesn't count."
"This guy voted for Pat Buchanan, obviously his vote is incorrect."

Yes, the form of paper ballots matter. In my town we do well enough with having to connect an arrow with a magic marker. No it is not perfect and mistakes in "interpretation" could be made during a recount even asking people to make a clear mark. But the important thing is that there are clearly defined criteria for counting a vote that the average person can meet within a human margin of error.

My point to all this is that I voted in a county that had mechanical voting machines for nearly 50 years. They didn't have a paper trail. The only thing that was updated was a mechanical counter inside the machine that kept the tallies. These machines were opened during the day to check the counts (at which point they could also be tampered with) and at the end of the day these counts were read off and phoned to the central office then the counts were reset.

That would be just as bad as any other virtual ballot system, but I doubt you are describing the story in full. I too have voted on the machines with the little switches and the big lever, but I recall that there was also a roll of paper where a mark was made for each vote cast, which could be recounted if needed. I have nothing against this method, or for that matter computer ballots, as long as there is a physical record of the actual vote. What was lacking in the machine you describe, was a way for the voter to verify that the vote was recorded the way he or she voted.

What's the difference between the mechanical and the evoting ones? Ultimately nothing. Ultimately you have to trust the people running the system because otherwise Democracy means nothing because you don't trust your fellow man to properly vote or check your vote. I realize that's difficult when Bush is trying to orchestrate a coup to overthrow Democracy, especially after all those Diebold machines gave the vote to Republicans in this last mid-term election. But hey, that's how it goes.

The point is that you have to trust most people in a Democracy to do the right thing, but you can't trust everyone. The system must be designed so that individual corruption does not so easily corrupt the whole system. Computer balloting, especially without a voter verified paper trail, threatens this principal. In the past sure you could have a vast conspiracy involving hundreds of people strategically positioned at polling places to gum up the works in your opponents territory... so that what it took was a fairly elaborate dirty tricks outfit to steal an election. Now you have 5 or 10 people that know a thing or two about computers and find some vulnerability in the system and hack the election in a wholesale way.

Oh and it also becomes much more believable when the election machines stop working in a particularly busy district and the long lines reduce turnout and votes never even get cast. Much harder to justify those long turnout reducing lines when all someone needs is a pen and a surface to write on.

Though e

Outsourcing certification makes no sense.

[hey!]

OK, the government should not be in the business of designing and manufacturing equipment.

But why outsource the certification of equipment? This is precisely the kind of task that a government bureaucracy is best suited for: you have a routine task that is done by established rules and procedures. It's hard to see how a private company could outperform a government agency at apply a set of standards with unforgiving rigidity. The problem with government processes is that even good people working in them (of which there are many) are hampered by the bureaucracy's rules and culture, which limit the scope of individual initiative and judgment. In this case it would be a good thing.

The hard thing in the whole process is creating the certification standards. Here there is considerable use for consultants from academia and business.

What this suggests to me is that there aren't really standards. It looks like they just took the whole mess and swept it under the rug, letting the vendors select a sham certification organization.

This is an abdication of an important responsibility the government has. Not just to ensure free and fair elections, but to make sure it spends our money responsibly.

Smash them

[demo9orgon]

If the machines and their code are still obfuscated by the next election then the machines should be destroyed.

If the government and it's anointed tools aren't up to the job then it's the duty of the citizens to take care of the problem. It's why we have the right to bear arms. It's why Thomas Jefferson's memorial has such pithy inscriptions. We sadly, currently, live in exactly the situation the founding fathers foresaw.

If the only effective protest is the destruction of the tools of misrepresentation, and if people are willing to die for their freedom and to protect their country and their constitution there shouldn't be any problem. We should fight the threats at home before exporting our expertise to damage others abroad at the behest of corrupt industries. Our politicians have been funded/emplaced by the very companies who seek to profit the most from a muddled vote. If voting is our one sure way of getting a message across then it needs the same kind of protection that the Constitution requires. It requires and demands the right of the citizenry to implement deadly force to secure it's own voice.

With the long lines and the availability of floors and blunt objects in polling places it shouldn't take more than an hour after polling facilities open to accomplish the task nation-wide.

And to all those citizens who think this isn't the solution, please reply with one that's rooted in reality, and not some "hugs and tea" fascimilie of reality.

Cheers.

Re:Misleading headline

[Kijori]

His point isn't that Ciber will keep testing, it's that the /. headline has a negative bias to it; it makes it sound like the Government banned an independent organisation from looking at the machines, which seems corrupt, when actually they were acting to try to increase the stringency of the testing.